Privacy and data protection statement

MESNA INDUSTRIJA BRAĆA PIVAC d.o.o. from Vrgorac, Težačka 13, OIB /Personal Identification Number/: 28128148322, as the controller of your personal data, uses and protects all information which Users deliver while using the Webpage www.pivac.hr and our other services, especially regarding personal data processing when providing its services.

A personal data is every information which relates to a certain natural person or a natural person which can be determined. As personal data are specifically considered all data by which the identity of the user is determined (for instance, name and surname, email address, address of residence and similar).
Personal data processing is every operation or a set of operations which are performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as performing logical, mathematical and other operations with those data.

How do we collect personal data

We collect your personal data, among other situations, in the following cases:

• if you contact us directly via the website pivac.hr in order to request information or offer for our services, by means of our contact form
• if you answer our direct marketing campaign, for instance by filling out the contact form for entry of data on our website
• if our partners deliver your data to us in a permitted way
• if you participate in prize contests which we organise
• if you log in to the data base of potential workers by means of our contact form
• if you are younger than 16, please do not provide us with any data without the authorisation of your parents or custodian.

How can your data be used

Use of personal data in accordance with the regulations on protection of personal data has to be justified under one of the legal bases, and here we determine the bases for usage of personal data which we collect via our website.
Justified grounds for data processing are, among others, legitimate interest, contractual requirement, legal basis and approval. We use processing on the basis of legitimate interest for promoting and providing information on our services, for the purpose of maintaining the highest sales standards of products from our offer. The fundamental rights and freedoms of the existing and potential users are weighed against our interest to process data for the mentioned purpose.
Personal data can be transferred to third parties under the condition that there is a justified ground for transfer, such as fulfilment of a service, forwarding data which also concern and relate to our partners within the group (Vajda d.d. and P P K d.d.), transport and similar.
The approval for direct marketing, which we might request from you for usage of the mentioned, can be withdrawn at any moment.

We are subject to the laws of the Republic of Croatia, as well as supranational regulations, and are obliged to uphold them, including providing of your data to law enforcement authorities, regulatory and judicial authorities as well as third parties of a pending dispute, regarding procedures or investigations anywhere in the world, where it is requested. In the case that it is permitted, we will directly address you with that kind of request or inform you prior to answering, unless it could affect preventing or revealing a crime.
Providing of personal data for the purpose of compliance with obligatory requests for your data represents a legal obligation which depends on the specific request.

How do we preserve the safety of your data

We use different safety measures, including encryption and authentication, in order to protect and maintain safety, integrity and availability of your data.

Among others, we also use the following measures:

• strictly limited personal access to your data on a „necessary access“ principle
• safe transfer of collected data,
• setting up of firewalls on IT systems for the purpose of prohibition of unauthorised access
• permanent tracking of access to IT systems for the purpose of detection and prevention of misuse of personal data.

All your data are being stored on our safe servers and safe servers of our partners and are being accessed and used in accordance with our rules and safety standards. Protection of privacy of your data is permanent, and we take all necessary measures for their protection. We process personal data in a secure manner, including protection from unauthorised or illegal processing and loss.
By registering or filling out any contact form on the website www.pivac.hr, we shall request a consent to process your personal data stated in the contact form for a specific purpose/s. The purposes we can point out in the contact form request a separate consent for each.
We oblige to protect the privacy of your personal data and handle them in accordance with the EU General Data Protection Regulation (679/2016), the Act on Enforcement of the General Data Protection Regulation (Official Gazette of the Republic of Croatia “Narodne novine” 42/2018) and other applicable and valid regulations. We must not and shall not use collected personal data of the users and visitors of our webpage without authorisation, nor shall we make them available to third parties, except in cases when it is permitted by a special law, if it is our legal obligation or if it is necessary for the purpose of realisation of contractual requirements.  
We undertake not to misuse the personal data from contact forms or collected through cookies, nor to hand them over to third parties without your permission, except in cases in which it is explicitly stipulated by the law and in cases in which it is necessary to fulfil obligations. As personal data shall be considered all data used to identify the User (for instance, name and surname, email, residential address etc.), which serve to answer the inquiries of the User, statistics and possible sending of special offers and newsletters, all pursuant to specially acquired consent.
All user data are securely stored and are available only to employees to which these data are necessary for performing their work. All employees and business partners are responsible for compliance with the principle of privacy protection. We oblige to provide protection of your personal data in a manner that we collect only basic data which are necessary for fulfilment of the purpose of the given consent or legitimate interest, contractual or legal basis. We shall use data which are being automatically recorded by accessing the website (IP address, domain name, browser type, number of visits, time spent on the page etc.) exclusively to evaluate the visiting rate of the website and for improvement of its contents and functionality, i.e. for statistical purposes.
We inform Users on the manner of use of collected data and use these data for marketing campaigns exclusively having obtained the specific consent.    
Pursuant to national and supranational legislation in force, for the purpose of protection of personal data confidentiality, we commit in particular to handle your data pursuant to the law and good faith,  to collect data exclusively for specific and legal purposes, not to forward data to any third party without your prior consent, not to forward personal data to countries outside the area of the EU, if that country does not ensure adequate level of data protection; to ensure adequate, secure storage of personal data, in a manner that it does not go beyond the purpose for which the data have been collected and for which they are being processed; to ensure accuracy of personal data; ensure personal data processing only for duration and purpose for which it was intended; to undertake all necessary and appropriate technical and organisational measures in order to prevent destruction, damage or loss of User’s personal data.

You have the following rights:

1. Right of access to data - You have the right to request information whether we process your personal data, which data are we processing and request access (inquiry) to your personal data which we are processing. If it is a larger amount of data, we could request a precise specification of the request for delivery of a specific group of data.
2. Right to have data rectified - If you note that we are processing inaccurate or incomplete data on you, or if you wish to change them, you have the right to request to have these data rectified, i.e. to have incomplete personal data supplemented. In order to ensure that at any given time we are processing only your accurate data, it is necessary to inform us on any changes of your personal data without delay.
3. Right to erasure (“right to be forgotten”) - Erasure of personal data can be requested for instance if you have withdrawn your consent for processing of specific data, when your data are being processed illegally, or when they are no longer necessary regarding the purposes for which they were collected or in any way they were being processed. However, please acknowledge the fact that we will not be able to erase data if they are necessary in order to fulfil legal obligations, contractual requirements or other legal grounds pursuant to the General Data Protection Regulation.

   In all situations in which it is possible, all your personal data shall be irrevocably erased from our systems and only general statistical data shall remain, which can in no way be connected to your identity.

4. Right to restriction of processing - You have the right to acquire restriction of processing of your personal data, which can be requested for instance if you have objected to data processing, if you question the accuracy of personal data being processed or the lawfulness of their processing, but you do not wish these data to be erased, or they are needed for realisation of legal requests.
5. Right to data portability - If the processing is based on your consent or it is conducted for the purpose of performance of a contract concluded with you, and is at the same time carried out by automated means, you have the right to receipt your personal data which we acquired from you. If you request it, we shall transfer your personal data directly to another controller, if this action shall be technically feasible.
6. Right to object - At any given time, on grounds relating to your particular situation, you have the right to object to processing of personal data concerning you, for which reason we shall limit the processing of these data. We will also erase and no longer process the mentioned data, unless we are able to prove that there are reasoned and justified legal grounds for keeping them. Furthermore, at any given time you have the right to object to processing of personal data concerning you for the purpose of direct marketing. After submitting the objection, your personal data shall no longer be processed for mentioned purpose.
7. Right to consent withdrawal - If the processing of your personal data is conducted on the basis of your consent, you have the right to withdraw it at any given time, with no negative consequences.

In case you no longer wish to have your data processed in any way, you request erasure, rectification or transfer of your data, inform us by email to the address of the Data Protection Officer: dpo@pivac.hr. The Officer can contact you for the purpose of request authentication.

At any given moment you can request from us:

• Access to Privacy Policy;
• Confirmation whether data concerning you are being processed and the possibility to inspect personal data contained in the personal data storage system;
• Forwarding your personal data which are contained in the data storage system;
• Providing a list of third parties to which personal data have been transmitted, when were they transmitted, on which grounds and for which purpose;
• Providing information on sources on which registers are based, which personal data does the data storage system contain on the individual, and the means of processing;
• Providing information on the purpose of processing and type of personal data being processed, as well as all necessary explanations in that sense;
• Explanation of technical or logically technical procedures of decision making if an automated decision-making is being brought by processing of personal data of an individual.

User data, submitted by contact forms are kept for 5 (in words: five) years, or until receipt of a request for erasure from an individual to which the personal data refer, after which the personal data are erased; while other data, collected through cookies, are kept pursuant to the Cookie Policy, as it is stated for every specific purpose. We are keeping personal data longer than the mentioned period only if it is obligatory pursuant to regulations in force in the RoC or supranational regulations.
We keep data for statistical purposes for an unlimited period.
Personal data which are no longer needed are irrevocably anonymised or destructed in a secure manner.
If you have objections regarding your personal data processing, you can submit your objection to the competent state authority, i.e. Personal Data Protection Agency, Zagreb, Selska cesta 136, in accordance with the General Data Protection Regulation and the Act on Enforcement of the General Data Protection Regulation.